Use static analysis to scan source code for security vulnerabilities. To accomplish this, download a small client utility and use its command line interface (CLI) perform security analysis on all supported languages. The client utility also contains a Maven plugin that can be used to scan Java projects. Static analysis plug-ins for Eclipse, IntelliJ IDEA, and Visual Studio are available through their respective marketplaces. Once plugins are installed, you can scan Java projects in Eclipse and IntelliJ IDEA, or .NET (C#, ASP.NET, VB.NET) projects in Visual Studio.

Whether you use third-party scanners or conduct manual pen tests to discover issues, you can import the issues from a CSV file into ASoC for triaging.

Private sites

an AppScan Presence on your server enables
you to scan sites not accessible from the Internet.

For web apps that are not accessible from the Internet, and mobile apps that
connect to a back-end server that is not available from the Internet, you must create an AppScan
Presence, with access to the web app or back-end server, and to the Internet, to be able to scan.
Then follow the regular instructions for mobile or dynamic scanning. The same presence can be used
for Android apps, iOS apps and websites. Proxy connections are supported.